ASN.1
What is ASN.1?
ASN.1: Abstract Syntax Notation One, an ITU-T standard (X.680 series) that describes data structures used in cryptography and telecoms in a language-independent way.
ASN.1 (Abstract Syntax Notation One) is a formal notation, defined in ITU-T X.680 and X.681, for describing structured data such as integers, sequences, sets, choices, and tagged types. Companion standards in the X.690 series specify wire encodings: BER (basic), CER, DER (distinguished, used everywhere in PKI) and PER (packed). ASN.1 underpins X.509 certificates, CMS/PKCS#7, PKCS#12, LDAP, Kerberos, SNMP, and many telecom protocols (3GPP signalling, GSM MAP, S1AP). Because DER guarantees a single canonical encoding, signatures and hashes computed over ASN.1 structures are reproducible. Parser bugs in ASN.1 libraries have caused notorious vulnerabilities such as CVE-2016-2108 (OpenSSL) and CVE-2021-3711, so safe parsers and strict DER are essential.
● Examples
- 01: An X.509 certificate is a SEQUENCE of TBSCertificate, signatureAlgorithm, and signatureValue, encoded in DER.
- 02: 3GPP S1AP messages between an eNodeB and an MME are described in ASN.1 and encoded with PER.
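To make the "strict DER" point in the definition concrete, here is an added example (not code from the original page or from any library it names): a reader for single-byte-tag TLVs that rejects the BER freedoms DER forbids, namely indefinite and non-minimal lengths, redundant INTEGER bytes, non-canonical BOOLEANs, truncation and trailing data. The function names, the nesting limit of 16 and the sample bytes are assumptions made for the example.

```python
class DERError(ValueError):
    """Input is not strict DER."""

def read_tlv(buf, pos):
    """Read one TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise DERError("truncated header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if tag & 0x1F == 0x1F:               # high-tag-number form
        raise DERError("multi-byte tags are outside this example")
    if first in (0x80, 0xFF):            # 0x80 = BER indefinite form, 0xFF = reserved
        raise DERError("indefinite or reserved length")
    length = first                       # short form unless overwritten below
    if first > 0x80:                     # long form: low 7 bits count the length bytes
        n = first & 0x7F
        raw = buf[pos:pos + n]
        length = int.from_bytes(raw, "big")
        if len(raw) != n or raw[0] == 0 or length < 0x80:
            raise DERError("truncated or non-minimal length")
        pos += n
    if length > len(buf) - pos:
        raise DERError("length exceeds input")
    return tag, buf[pos:pos + length], pos + length

def parse(buf, depth=0, max_depth=16):   # max_depth: assumed limit on nesting
    """Parse every TLV in buf into (tag, bytes-or-children) tuples."""
    if depth > max_depth:
        raise DERError("nesting too deep")
    out, pos = [], 0
    while pos < len(buf):
        tag, v, pos = read_tlv(buf, pos)
        if tag & 0x20:                   # constructed: the value holds nested TLVs
            v = parse(v, depth + 1, max_depth)
        elif tag == 0x01 and v not in (b"\x00", b"\xff"):
            raise DERError("BOOLEAN must be 00 or FF")
        elif tag == 0x02 and (not v or (len(v) > 1 and v[0] in (0, 0xFF)
                                        and (v[0] ^ v[1]) < 0x80)):
            raise DERError("empty or non-minimal INTEGER")  # first 9 bits identical
        out.append((tag, v))
    return out

def is_strict_der(buf):
    """True only for exactly one strict-DER element with no trailing bytes."""
    try:
        return len(parse(buf)) == 1
    except DERError:
        return False

SAMPLE = bytes.fromhex("30060201050101ff")  # constructed: SEQUENCE { INTEGER 5, BOOLEAN TRUE }
```

`is_strict_der(SAMPLE)` is true, while the same structure re-encoded with a long-form length (`30 81 06 ...`) or an indefinite length (`30 80 ...`) is rejected, which is why a signature check over DER cannot be satisfied by a second encoding of the same value.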
● Frequently asked questions
What is ASN.1?
Abstract Syntax Notation One: an ITU-T standard (X.680 series) that describes data structures used in cryptography and telecoms in a language-independent way. It belongs to the Cryptography category of cybersecurity.
How do you defend against ASN.1 parsing vulnerabilities?
Defences typically combine technical controls and operational practices; as the full definition above notes, safe parsers and strict DER are essential.
What are other names for ASN.1?
Common alternative names include: Abstract Syntax Notation One, X.680.
● Related terms
- PKCS#7 (cryptography, № 831): A binary format for packaging signed and/or encrypted data, standardised by the IETF as Cryptographic Message Syntax (CMS) in RFC 5652.
- PKCS#12 (cryptography, № 830): A password-protected file format (.pfx / .p12) that bundles a private key with its certificate chain, standardised by RFC 7292.
- PEM Format (cryptography, № 811): A textual encoding for cryptographic objects (keys, certificates, CRLs) defined by RFC 7468 that wraps Base64-encoded DER in BEGIN and END header lines.
- LDAP (identity-access, № 611): The Lightweight Directory Access Protocol, an IETF standard for querying and modifying hierarchical directory services over TCP/IP, typically on port 389 or 636 with TLS.
- Kerberos (identity-access, № 584): A ticket-based network authentication protocol that uses symmetric cryptography and a trusted Key Distribution Center to enable secure single sign-on across services.